<?php
namespace core;

/**
 * 基础访问控制模块
 */
class Ac
{
	static public $allACList=array();

	private $data=array();

  // 注册权限列表
	static function reg($key,$title,$desc=""){
		$key=trim($key);
		if (isset(static::$allACList[$key])){
      throw new Exception("AC key duplicate: ".$key);
    }
    static::$allMenus[$key]=array(
			"key"=>$key,
			"title"=>$title,
			"desc"=>$desc,
		);
	}
	function __construct($allow=array()){
    $this->clean();
    if (!empty($allow)) $this->allow($allow);
  }
	// 提升到超级权限
	function super($on=true){
		if ($on){
			$this->data["is_super"]=true;
		}else{
			$this->data["is_super"]=false;
		}
		return $this;
	}
	// 降低到无权限
	function none($on=true){
		if ($on){
			$this->data["is_none"]=true;
		}else{
			$this->data["is_none"]=false;
		}
		return $this;
	}
	// 检查是否是super
	function isSuper(){
		return $this->data["is_super"];
	}
	// 检查是否是none
	function isNone(){
		return $this->data["is_none"];
	}
	// 通过配置加载
	function parse($json){
		$this->data=json_decode($json,true);
	}
	// 序列化输出配置信息，可存于数据库
	function stringify(){
		return json_encode($this->data);
	}
	// 清理
	function clean(){

		$this->data=array(
			"allow"=>array(),
			"refuse"=>array(),
			"is_super"=>false,
			"is_none"=>false,
		);
		return $this;
	}
	// 添加允许权限
	function allow($keys){
		// 处理super和none特殊情况

		$keys=Func::str2arr($keys);
		foreach ($keys as $key) {
			$key=trim($key);
			if (!empty($key)){
				if (!in_array($key,$this->data["allow"])){
					$this->data["allow"][]=$key;
				}
				$key=strtolower($key);
				if ($key=="super"){
					$this->super();
				}elseif ($key=="none") {
					$this->none();
				}
			}
		}
		return $this;
	}
	// 添加拒绝权限
	function refuse($keys){
		$keys=Func::str2arr($keys);
		foreach ($keys as $key) {
			$key=trim($key);
			if (!empty($key)){
				if (!in_array($key,$this->data["allow"])){
					$this->data["allow"][]=$key;
				}
			}
		}
		return $this;
	}
	// 是否允许key,inherited是否启用继承
	function isAllow($key,$inherited=true){
		$res=in_array($key,$this->data["allow"]);
		if (!$res){
			if ($inherited){

				$keys=$this->key2arr($key);
				if (count($keys)>1){
					foreach ($this->data["allow"] as $value) {
						$values=$this->key2arr($value);
						$has=true;
						foreach ($values as $k => $v) {
							if (!isset($keys[$k])){
									$has=false;
									break;
							}
							if ($keys[$k]!=$v){
									$has=false;
									break;
							}
						}
						if ($has){
							$res=true;
							break;
						}
					}
				}
			}
		}
		return $res;
	}
	// 是否拒绝key
	function isRefuse($key){
		return in_array($key,$this->data["refuse"]);
	}
	// 获取allow
	function getAllow(){
		return $this->data["allow"];
	}
	// 获取refuse
	function getRefuse(){
		return $this->data["refuse"];
	}
	// 格式化key
	function key2arr($key){
		$key=str_replace("/",".",$key);
		$key=str_replace("\\",".",$key);
		return Func::str2arr($key,".");
	}
  // 检查权限
	function check($ac,$inherited=true){
		if (is_string($ac)){
			$ac=new self($ac);
		}
		if (is_array($ac)){
			$ac=new self($ac);
		}

		// 检查super
		if ($this->isSuper() || $ac->isSuper()){
			return true;
		}
		// 检查none
		if ($this->isNone() || $ac->isNone()){
			return false;
		}

		// 检查拒绝权限（有更高优先级）
		$list=$this->getRefuse();
		if (!empty($list)){
			foreach ($list as $value) {
				if ($ac->isAllow($value,false)){
					return false;
				}
			}
		}
		$list=$ac->getRefuse();
		if (!empty($list)){
			foreach ($list as $value) {
				if ($this->isAllow($value,false)){
					return false;
				}
			}
		}

		// 检查允许权限
		$list=$ac->getAllow();
		foreach ($list as $value) {
			if ($this->isAllow($value,$inherited)){
				return true;
			}
		}

		return false;
	}

}
